Insertion of Sensitive Information Into Sent Data
CVE-2024-7698
Summary
A low privileged remote attacker canĀ get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- LOW
- HIGH
- NONE
CWE-201 - Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
References
Advisory Timeline
- Published
